SlideShare ist ein Scribd-Unternehmen logo

Metasploit Auxiliary Modules Guide

Chris Gates
Chris Gates

Gave a talk on auxiliary modules at Reverse Space in NoVA

Technologie
1 von 28
Metasploit Auxiliary Modules Chris Gates carnal0wnage 1
Outline • Metasploit Framework Architecture • Metasploit Libraries • Auxiliary Modules Types • Examples/Practical Examples
Metasploit Framework architecture LIBRARIES INTERFACES Console TOOLS Rex CLI MSF Core GUI & Armitage PLUGINS MSF Base RPC MODULES Exploit Payload Encoder NOP Auxiliary
Libraries – Rex • lib/rex/ • “Ruby EXploitation library” • Basic library for most tasks • Sockets, protocols, command shell interface • SSL, SMB, HTTP, XOR, Base64, random text • Intended to be useful outside of the framework
Libraries – MSF Core • lib/msf/core • “Ruby EXploitation library” • Mixins for exploits and auxiliaries • AuxiliaryScanner, Report, AuthBrute, etc
Libraries – MSF Core • ExploitHTTP, FTP, Oracle, MSSQL, SMB
Libraries – MSF Core • Auxiliary mixins makes use of REX libraries
Where they live • Official modules live in msf3/modules/ – Subdirectories organized by module type (exploit/, auxiliary/, post/, …) • ~/.msf3/modules/ has same structure, loaded at startup if it exists
What is an auxiliary module? • Auxiliary – An exploit without a payload – Underappreciated* • Used mostly for discovery, fingerprinting, and automating tasks :-) • Makes use of the MSF REX library and other mixins • Uses run() instead of exploit()
Types of Auxiliary Modules • Various scanners for protocols (SMB, DCERPC, HTTP) • Network protocol “fuzzers” • Port scanner modules • Wireless • IPV6 • Denial of service modules • Server modules • Administrative access exploits
Various scanners for protocols 11
Various scanners for protocols 12
Various scanners for protocols • Designed to help with reconnaissance • Dozens of useful service scanners • Simple module format, easy to use • Specify THREADS for concurrency – Keep this under 16 for native Windows – 256 is fine on Linux • Uses RHOSTS instead of RHOST 13
Scanner tricks & tips • Uses OptAddressRange option class, similar to nmap host specification – 192.168.0.1,3,5-7 – 192.168.0.* – www.metasploit.com/24 – file:/tmp/ranges.txt 14
Scanner Tricks & Tips 15
Scanner Tricks & Tips 16
Network protocol “fuzzers” 17
Port scanner modules 18
Port scanner modules 19
Wireless 20
IPv6 • Makes use of the IPV6rachet mixin 21
Denial of service modules • Ummm Denial of Service modules…for those times when you need to force a reboot  22
Server modules • Evil services, mostly for stealing credentials 23
Administrative access exploits • Directory traversals – Vmware, coldfusion • Authentication bruteforcing – SMB, HTTP, FTP • Web application vulnerabilities 24
Administrative access exploits • Directory traversal 25
Authentication Bruteforcing • Authentication Bruteforcing 26
Practical Examples • Practical Example – Useragent checker 27
Questions? Chris Gates @carnal0wnage cg@metasploit.com

Empfohlen

Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
Mini-Training: NancyFX
Mini-Training: NancyFXMini-Training: NancyFX
Mini-Training: NancyFXBetclic Everest Group Tech Team
 
An Introduction to Membase
An Introduction to MembaseAn Introduction to Membase
An Introduction to MembaseTim Lossen
 
Gemeinsame View-Models mit XAML Technologien
Gemeinsame View-Models mit XAML TechnologienGemeinsame View-Models mit XAML Technologien
Gemeinsame View-Models mit XAML TechnologienChristian Nagel
 
Java and the JVM
Java and the JVMJava and the JVM
Java and the JVMManish Pandit
 
PostgreSQL News
PostgreSQL NewsPostgreSQL News
PostgreSQL NewsPeter Eisentraut
 
Microsoft Azure DocumentDB - Global Azure Bootcamp 2016
Microsoft Azure DocumentDB - Global Azure Bootcamp 2016Microsoft Azure DocumentDB - Global Azure Bootcamp 2016
Microsoft Azure DocumentDB - Global Azure Bootcamp 2016Sunny Sharma
 
Advance java session 20
Advance java session 20Advance java session 20
Advance java session 20Smita B Kumar
 

Empfohlen

Metasploit Module Development
Metasploit Module DevelopmentMetasploit Module Development
Metasploit Module Developmentkyaw thiha
 
Mini-Training: NancyFX
Mini-Training: NancyFXMini-Training: NancyFX
Mini-Training: NancyFXBetclic Everest Group Tech Team
 
An Introduction to Membase
An Introduction to MembaseAn Introduction to Membase
An Introduction to MembaseTim Lossen
 
Gemeinsame View-Models mit XAML Technologien
Gemeinsame View-Models mit XAML TechnologienGemeinsame View-Models mit XAML Technologien
Gemeinsame View-Models mit XAML TechnologienChristian Nagel
 
Java and the JVM
Java and the JVMJava and the JVM
Java and the JVMManish Pandit
 
PostgreSQL News
PostgreSQL NewsPostgreSQL News
PostgreSQL NewsPeter Eisentraut
 
Microsoft Azure DocumentDB - Global Azure Bootcamp 2016
Microsoft Azure DocumentDB - Global Azure Bootcamp 2016Microsoft Azure DocumentDB - Global Azure Bootcamp 2016
Microsoft Azure DocumentDB - Global Azure Bootcamp 2016Sunny Sharma
 
Advance java session 20
Advance java session 20Advance java session 20
Advance java session 20Smita B Kumar
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
 
MSF process model
MSF process modelMSF process model
MSF process modelMuhammad Taqi Hassan Bukhari
 
MSF (Microsoft Solution Framework)
MSF (Microsoft Solution Framework)MSF (Microsoft Solution Framework)
MSF (Microsoft Solution Framework)Deniz Kılınç
 
Appsec DC - wXf -2010
Appsec DC - wXf -2010Appsec DC - wXf -2010
Appsec DC - wXf -2010Chris Gates
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Chris Gates
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015Chris Gates
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Chris Gates
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackersChris Gates
 
Metasploit
MetasploitMetasploit
MetasploitRaghunath G
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Chris Gates
 
ColdFusion for Penetration Testers
ColdFusion for Penetration TestersColdFusion for Penetration Testers
ColdFusion for Penetration TestersChris Gates
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops Chris Gates
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber WeaponryJoshua L. Davis
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 

Weitere ähnliche Inhalte

Andere mochten auch

Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
 
MSF (Microsoft Solution Framework)
MSF (Microsoft Solution Framework)MSF (Microsoft Solution Framework)
MSF (Microsoft Solution Framework)Deniz Kılınç
 
Appsec DC - wXf -2010
Appsec DC - wXf -2010Appsec DC - wXf -2010
Appsec DC - wXf -2010Chris Gates
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Chris Gates
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015Chris Gates
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Chris Gates
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackersChris Gates
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Chris Gates
 
ColdFusion for Penetration Testers
ColdFusion for Penetration TestersColdFusion for Penetration Testers
ColdFusion for Penetration TestersChris Gates
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops Chris Gates
 

Andere mochten auch (20)

Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
MSF process model
MSF process modelMSF process model
MSF process model
 
MSF (Microsoft Solution Framework)
MSF (Microsoft Solution Framework)MSF (Microsoft Solution Framework)
MSF (Microsoft Solution Framework)
 
Appsec DC - wXf -2010
Appsec DC - wXf -2010Appsec DC - wXf -2010
Appsec DC - wXf -2010
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later Going Purple : From full time breaker to part time fixer: 1 year later
Going Purple : From full time breaker to part time fixer: 1 year later
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackers
 
Metasploit
MetasploitMetasploit
Metasploit
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
 
ColdFusion for Penetration Testers
ColdFusion for Penetration TestersColdFusion for Penetration Testers
ColdFusion for Penetration Testers
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
 
LasCon 2014 DevOoops
LasCon 2014 DevOoops LasCon 2014 DevOoops
LasCon 2014 DevOoops
 

Ähnlich wie Metasploit Auxiliary Modules Guide

Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber WeaponryJoshua L. Davis
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introductionMostafa Abdel-sallam
 
Containerization - The DevOps Revolution
Containerization - The DevOps RevolutionContainerization - The DevOps Revolution
Containerization - The DevOps RevolutionYulian Slobodyan
 
Apache Kafka
Apache KafkaApache Kafka
Apache Kafkaemreakis
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?zeroSteiner
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2
 
OpenNaaS Overview Complete
OpenNaaS Overview CompleteOpenNaaS Overview Complete
OpenNaaS Overview CompleteJoan Garcia
 
RabbitMQ And Nanite
RabbitMQ And NaniteRabbitMQ And Nanite
RabbitMQ And Nanitemattmatt
 
Configuration management with puppet
Configuration management with puppetConfiguration management with puppet
Configuration management with puppetJakub Stransky
 
Living with SQL and NoSQL at craigslist, a Pragmatic Approach
Living with SQL and NoSQL at craigslist, a Pragmatic ApproachLiving with SQL and NoSQL at craigslist, a Pragmatic Approach
Living with SQL and NoSQL at craigslist, a Pragmatic ApproachJeremy Zawodny
 
Ruby Microservices with RabbitMQ
Ruby Microservices with RabbitMQRuby Microservices with RabbitMQ
Ruby Microservices with RabbitMQZoran Majstorovic
 
Apache2 BootCamp : Understanding Apache Internals
Apache2 BootCamp : Understanding Apache InternalsApache2 BootCamp : Understanding Apache Internals
Apache2 BootCamp : Understanding Apache InternalsWildan Maulana
 
Integration in the age of DevOps
Integration in the age of DevOpsIntegration in the age of DevOps
Integration in the age of DevOpsAlbert Wong
 
Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…
Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…
Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…Lorenz Lo Sauer
 

Ähnlich wie Metasploit Auxiliary Modules Guide (20)

Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber Weaponry
 
01 Metasploit kung fu introduction
01 Metasploit kung fu introduction01 Metasploit kung fu introduction
01 Metasploit kung fu introduction
 
Containerization - The DevOps Revolution
Containerization - The DevOps RevolutionContainerization - The DevOps Revolution
Containerization - The DevOps Revolution
 
Apache Kafka
Apache KafkaApache Kafka
Apache Kafka
 
Is That A Penguin In My Windows?
Is That A Penguin In My Windows?Is That A Penguin In My Windows?
Is That A Penguin In My Windows?
 
Redis Labcamp
Redis LabcampRedis Labcamp
Redis Labcamp
 
David buksbaum a-briefintroductiontocsharp
David buksbaum a-briefintroductiontocsharpDavid buksbaum a-briefintroductiontocsharp
David buksbaum a-briefintroductiontocsharp
 
XML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus ScannerXML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus Scanner
 
Xml interfaces to the popular nessus scanner
Xml interfaces to the popular nessus scannerXml interfaces to the popular nessus scanner
Xml interfaces to the popular nessus scanner
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product Overview
 
OpenNaaS Overview Complete
OpenNaaS Overview CompleteOpenNaaS Overview Complete
OpenNaaS Overview Complete
 
RabbitMQ And Nanite
RabbitMQ And NaniteRabbitMQ And Nanite
RabbitMQ And Nanite
 
Configuration management with puppet
Configuration management with puppetConfiguration management with puppet
Configuration management with puppet
 
Dotnet.ppt
Dotnet.pptDotnet.ppt
Dotnet.ppt
 
Living with SQL and NoSQL at craigslist, a Pragmatic Approach
Living with SQL and NoSQL at craigslist, a Pragmatic ApproachLiving with SQL and NoSQL at craigslist, a Pragmatic Approach
Living with SQL and NoSQL at craigslist, a Pragmatic Approach
 
Ruby Microservices with RabbitMQ
Ruby Microservices with RabbitMQRuby Microservices with RabbitMQ
Ruby Microservices with RabbitMQ
 
Apache2 BootCamp : Understanding Apache Internals
Apache2 BootCamp : Understanding Apache InternalsApache2 BootCamp : Understanding Apache Internals
Apache2 BootCamp : Understanding Apache Internals
 
Integration in the age of DevOps
Integration in the age of DevOpsIntegration in the age of DevOps
Integration in the age of DevOps
 
Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…
Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…
Microsoft .NET (dotnet) Framework 2003 - 2004 overview and web services…
 
XMPP Academy #2
XMPP Academy #2XMPP Academy #2
XMPP Academy #2
 

Mehr von Chris Gates

Reiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVReiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVChris Gates
 
WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018Chris Gates
 
WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) Chris Gates
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEChris Gates
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Chris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class Chris Gates
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsChris Gates
 
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfSOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfChris Gates
 
Hacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With MetasploitHacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With MetasploitChris Gates
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkChris Gates
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationChris Gates
 

Mehr von Chris Gates (13)

Reiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHVReiki 101 - Defcon29 MHHV
Reiki 101 - Defcon29 MHHV
 
WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018WeirdAAL (Awesome Attack Library) CactusCon 2018
WeirdAAL (Awesome Attack Library) CactusCon 2018
 
WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library) WeirdAAL (AWS Attack Library)
WeirdAAL (AWS Attack Library)
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXfSOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
SOURCE Boston --Attacking Oracle Web Applications with Metasploit & wXf
 
Hacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With MetasploitHacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With Metasploit
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit Framework
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing Presentation
 

Kürzlich hochgeladen

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Kürzlich hochgeladen (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Metasploit Auxiliary Modules Guide

  • 1. Metasploit Auxiliary Modules Chris Gates carnal0wnage 1
  • 2. Outline • Metasploit Framework Architecture • Metasploit Libraries • Auxiliary Modules Types • Examples/Practical Examples
  • 3. Metasploit Framework architecture LIBRARIES INTERFACES Console TOOLS Rex CLI MSF Core GUI & Armitage PLUGINS MSF Base RPC MODULES Exploit Payload Encoder NOP Auxiliary
  • 4. Libraries – Rex • lib/rex/ • “Ruby EXploitation library” • Basic library for most tasks • Sockets, protocols, command shell interface • SSL, SMB, HTTP, XOR, Base64, random text • Intended to be useful outside of the framework
  • 5. Libraries – MSF Core • lib/msf/core • “Ruby EXploitation library” • Mixins for exploits and auxiliaries • AuxiliaryScanner, Report, AuthBrute, etc
  • 6. Libraries – MSF Core • ExploitHTTP, FTP, Oracle, MSSQL, SMB
  • 7. Libraries – MSF Core • Auxiliary mixins makes use of REX libraries
  • 8. Where they live • Official modules live in msf3/modules/ – Subdirectories organized by module type (exploit/, auxiliary/, post/, …) • ~/.msf3/modules/ has same structure, loaded at startup if it exists
  • 9. What is an auxiliary module? • Auxiliary – An exploit without a payload – Underappreciated* • Used mostly for discovery, fingerprinting, and automating tasks :-) • Makes use of the MSF REX library and other mixins • Uses run() instead of exploit()
  • 10. Types of Auxiliary Modules • Various scanners for protocols (SMB, DCERPC, HTTP) • Network protocol “fuzzers” • Port scanner modules • Wireless • IPV6 • Denial of service modules • Server modules • Administrative access exploits
  • 11. Various scanners for protocols 11
  • 12. Various scanners for protocols 12
  • 13. Various scanners for protocols • Designed to help with reconnaissance • Dozens of useful service scanners • Simple module format, easy to use • Specify THREADS for concurrency – Keep this under 16 for native Windows – 256 is fine on Linux • Uses RHOSTS instead of RHOST 13
  • 14. Scanner tricks & tips • Uses OptAddressRange option class, similar to nmap host specification – 192.168.0.1,3,5-7 – 192.168.0.* – www.metasploit.com/24 – file:/tmp/ranges.txt 14
  • 15. Scanner Tricks & Tips 15
  • 16. Scanner Tricks & Tips 16
  • 21. IPv6 • Makes use of the IPV6rachet mixin 21
  • 22. Denial of service modules • Ummm Denial of Service modules…for those times when you need to force a reboot  22
  • 23. Server modules • Evil services, mostly for stealing credentials 23
  • 24. Administrative access exploits • Directory traversals – Vmware, coldfusion • Authentication bruteforcing – SMB, HTTP, FTP • Web application vulnerabilities 24
  • 25. Administrative access exploits • Directory traversal 25
  • 26. Authentication Bruteforcing • Authentication Bruteforcing 26
  • 27. Practical Examples • Practical Example – Useragent checker 27
  • 28. Questions? Chris Gates @carnal0wnage cg@metasploit.com